tcmu: Add global data block pool support

#include <linux/bitops.h>

#include <linux/highmem.h>

#include <linux/configfs.h>

#include <linux/mutex.h>

#include <linux/kthread.h>

#include <net/genetlink.h>

#include <scsi/scsi_common.h>

#include <scsi/scsi_proto.h>

#define TCMU_TIME_OUT (30 * MSEC_PER_SEC)

/* For cmd area, the size is fixed 2M */

#define CMDR_SIZE (2 * 1024 * 1024)

/* For cmd area, the size is fixed 8MB */

#define CMDR_SIZE (8 * 1024 * 1024)

/* For data area, the size is fixed 32M */

#define DATA_BLOCK_BITS (8 * 1024)

#define DATA_BLOCK_SIZE 4096

/*

 * For data area, the block size is PAGE_SIZE and

 * the total size is 256K * PAGE_SIZE.

 */

#define DATA_BLOCK_SIZE PAGE_SIZE

#define DATA_BLOCK_BITS (256 * 1024)

#define DATA_SIZE (DATA_BLOCK_BITS * DATA_BLOCK_SIZE)

#define DATA_BLOCK_INIT_BITS 128

/* The ring buffer size is 34M */

/* The total size of the ring is 8M + 256K * PAGE_SIZE */

#define TCMU_RING_SIZE (CMDR_SIZE + DATA_SIZE)

/* Default maximum of the global data blocks(512K * PAGE_SIZE) */

#define TCMU_GLOBAL_MAX_BLOCKS (512 * 1024)

static struct device *tcmu_root_device;

struct tcmu_hba {

#define TCMU_CONFIG_LEN 256

struct tcmu_dev {

	struct list_head node;

	struct se_device se_dev;

	char *name;

	struct uio_info uio_info;

	struct inode *inode;

	struct tcmu_mailbox *mb_addr;

	size_t dev_size;

	u32 cmdr_size;

	size_t data_size;

	wait_queue_head_t wait_cmdr;

	/* TODO should this be a mutex? */

	spinlock_t cmdr_lock;

	struct mutex cmdr_lock;

	bool waiting_global;

	uint32_t dbi_max;

	uint32_t dbi_thresh;

	DECLARE_BITMAP(data_bitmap, DATA_BLOCK_BITS);

	struct radix_tree_root data_blocks;

	unsigned long flags;

};

static struct task_struct *unmap_thread;

static wait_queue_head_t unmap_wait;

static DEFINE_MUTEX(root_udev_mutex);

static LIST_HEAD(root_udev);

static atomic_t global_db_count = ATOMIC_INIT(0);

static struct kmem_cache *tcmu_cmd_cache;

/* multicast group */

#define tcmu_cmd_set_dbi(cmd, index) ((cmd)->dbi[(cmd)->dbi_cur++] = (index))

#define tcmu_cmd_get_dbi(cmd) ((cmd)->dbi[(cmd)->dbi_cur++])

static void tcmu_cmd_free_data(struct tcmu_cmd *tcmu_cmd)

static void tcmu_cmd_free_data(struct tcmu_cmd *tcmu_cmd, uint32_t len)

{

	struct tcmu_dev *udev = tcmu_cmd->tcmu_dev;

	uint32_t i;

	for (i = 0; i < tcmu_cmd->dbi_cnt; i++)

	for (i = 0; i < len; i++)

		clear_bit(tcmu_cmd->dbi[i], udev->data_bitmap);

}

static int tcmu_get_empty_block(struct tcmu_dev *udev, void **addr)

static inline bool tcmu_get_empty_block(struct tcmu_dev *udev,

					struct tcmu_cmd *tcmu_cmd)

{

	void *p;

	uint32_t dbi;

	int ret;

	struct page *page;

	int ret, dbi;

	dbi = find_first_zero_bit(udev->data_bitmap, udev->dbi_thresh);

	if (dbi == udev->dbi_thresh)

		return false;

	page = radix_tree_lookup(&udev->data_blocks, dbi);

	if (!page) {

		if (atomic_add_return(1, &global_db_count) >

					TCMU_GLOBAL_MAX_BLOCKS) {

			atomic_dec(&global_db_count);

			return false;

		}

		/* try to get new page from the mm */

		page = alloc_page(GFP_KERNEL);

		if (!page)

			return false;

		ret = radix_tree_insert(&udev->data_blocks, dbi, page);

		if (ret) {

			__free_page(page);

			return false;

		}

	}

	dbi = find_first_zero_bit(udev->data_bitmap, DATA_BLOCK_BITS);

	if (dbi > udev->dbi_max)

		udev->dbi_max = dbi;

	set_bit(dbi, udev->data_bitmap);

	tcmu_cmd_set_dbi(tcmu_cmd, dbi);

	p = radix_tree_lookup(&udev->data_blocks, dbi);

	if (!p) {

		p = kzalloc(DATA_BLOCK_SIZE, GFP_ATOMIC);

		if (!p) {

			clear_bit(dbi, udev->data_bitmap);

			return -ENOMEM;

	return true;

}

		ret = radix_tree_insert(&udev->data_blocks, dbi, p);

		if (ret) {

			kfree(p);

			clear_bit(dbi, udev->data_bitmap);

			return ret;

		}

static bool tcmu_get_empty_blocks(struct tcmu_dev *udev,

				  struct tcmu_cmd *tcmu_cmd)

{

	int i;

	udev->waiting_global = false;

	for (i = tcmu_cmd->dbi_cur; i < tcmu_cmd->dbi_cnt; i++) {

		if (!tcmu_get_empty_block(udev, tcmu_cmd))

			goto err;

	}

	return true;

	*addr = p;

	return dbi;

err:

	udev->waiting_global = true;

	/* Try to wake up the unmap thread */

	wake_up(&unmap_wait);

	return false;

}

static void *tcmu_get_block_addr(struct tcmu_dev *udev, uint32_t dbi)

static inline struct page *

tcmu_get_block_page(struct tcmu_dev *udev, uint32_t dbi)

{

	return radix_tree_lookup(&udev->data_blocks, dbi);

}

	return (size_t)iov->iov_base + iov->iov_len;

}

static int alloc_and_scatter_data_area(struct tcmu_dev *udev,

static int scatter_data_area(struct tcmu_dev *udev,

	struct tcmu_cmd *tcmu_cmd, struct scatterlist *data_sg,

	unsigned int data_nents, struct iovec **iov,

	int *iov_cnt, bool copy_data)

	void *from, *to = NULL;

	size_t copy_bytes, to_offset, offset;

	struct scatterlist *sg;

	struct page *page;

	for_each_sg(data_sg, sg, data_nents, i) {

		int sg_remaining = sg->length;

		from = kmap_atomic(sg_page(sg)) + sg->offset;

		while (sg_remaining > 0) {

			if (block_remaining == 0) {

				if (to)

					kunmap_atomic(to);

				block_remaining = DATA_BLOCK_SIZE;

				dbi = tcmu_get_empty_block(udev, &to);

				if (dbi < 0) {

					kunmap_atomic(from - sg->offset);

					return dbi;

				}

				tcmu_cmd_set_dbi(tcmu_cmd, dbi);

				dbi = tcmu_cmd_get_dbi(tcmu_cmd);

				page = tcmu_get_block_page(udev, dbi);

				to = kmap_atomic(page);

			}

			copy_bytes = min_t(size_t, sg_remaining,

		}

		kunmap_atomic(from - sg->offset);

	}

	if (to)

		kunmap_atomic(to);

	return 0;

}

	struct se_cmd *se_cmd = cmd->se_cmd;

	int i, dbi;

	int block_remaining = 0;

	void *from, *to;

	void *from = NULL, *to;

	size_t copy_bytes, offset;

	struct scatterlist *sg, *data_sg;

	struct page *page;

	unsigned int data_nents;

	uint32_t count = 0;

		to = kmap_atomic(sg_page(sg)) + sg->offset;

		while (sg_remaining > 0) {

			if (block_remaining == 0) {

				if (from)

					kunmap_atomic(from);

				block_remaining = DATA_BLOCK_SIZE;

				dbi = tcmu_cmd_get_dbi(cmd);

				from = tcmu_get_block_addr(udev, dbi);

				page = tcmu_get_block_page(udev, dbi);

				from = kmap_atomic(page);

			}

			copy_bytes = min_t(size_t, sg_remaining,

					block_remaining);

		}

		kunmap_atomic(to - sg->offset);

	}

	if (from)

		kunmap_atomic(from);

}

static inline size_t spc_bitmap_free(unsigned long *bitmap)

static inline size_t spc_bitmap_free(unsigned long *bitmap, uint32_t thresh)

{

	return DATA_BLOCK_SIZE * (DATA_BLOCK_BITS -

			bitmap_weight(bitmap, DATA_BLOCK_BITS));

	return DATA_BLOCK_SIZE * (thresh - bitmap_weight(bitmap, thresh));

}

/*

 *

 * Called with ring lock held.

 */

static bool is_ring_space_avail(struct tcmu_dev *udev, size_t cmd_size, size_t data_needed)

static bool is_ring_space_avail(struct tcmu_dev *udev, struct tcmu_cmd *cmd,

		size_t cmd_size, size_t data_needed)

{

	struct tcmu_mailbox *mb = udev->mb_addr;

	uint32_t blocks_needed = (data_needed + DATA_BLOCK_SIZE - 1)

				/ DATA_BLOCK_SIZE;

	size_t space, cmd_needed;

	u32 cmd_head;

		return false;

	}

	space = spc_bitmap_free(udev->data_bitmap);

	/* try to check and get the data blocks as needed */

	space = spc_bitmap_free(udev->data_bitmap, udev->dbi_thresh);

	if (space < data_needed) {

		pr_debug("no data space: only %zu available, but ask for %zu\n",

				space, data_needed);

		unsigned long blocks_left = DATA_BLOCK_BITS - udev->dbi_thresh;

		unsigned long grow;

		if (blocks_left < blocks_needed) {

			pr_debug("no data space: only %lu available, but ask for %zu\n",

					blocks_left * DATA_BLOCK_SIZE,

					data_needed);

			return false;

		}

		/* Try to expand the thresh */

		if (!udev->dbi_thresh) {

			/* From idle state */

			uint32_t init_thresh = DATA_BLOCK_INIT_BITS;

			udev->dbi_thresh = max(blocks_needed, init_thresh);

		} else {

			/*

			 * Grow the data area by max(blocks needed,

			 * dbi_thresh / 2), but limited to the max

			 * DATA_BLOCK_BITS size.

			 */

			grow = max(blocks_needed, udev->dbi_thresh / 2);

			udev->dbi_thresh += grow;

			if (udev->dbi_thresh > DATA_BLOCK_BITS)

				udev->dbi_thresh = DATA_BLOCK_BITS;

		}

	}

	if (!tcmu_get_empty_blocks(udev, cmd))

		return false;

	return true;

}

	WARN_ON(command_size & (TCMU_OP_ALIGN_SIZE-1));

	spin_lock_irq(&udev->cmdr_lock);

	mutex_lock(&udev->cmdr_lock);

	mb = udev->mb_addr;

	cmd_head = mb->cmd_head % udev->cmdr_size; /* UAM */

		pr_warn("TCMU: Request of size %zu/%zu is too big for %u/%zu "

			"cmd ring/data area\n", command_size, data_length,

			udev->cmdr_size, udev->data_size);

		spin_unlock_irq(&udev->cmdr_lock);

		mutex_unlock(&udev->cmdr_lock);

		return TCM_INVALID_CDB_FIELD;

	}

	while (!is_ring_space_avail(udev, command_size, data_length)) {

	while (!is_ring_space_avail(udev, tcmu_cmd, command_size, data_length)) {

		int ret;

		DEFINE_WAIT(__wait);

		prepare_to_wait(&udev->wait_cmdr, &__wait, TASK_INTERRUPTIBLE);

		pr_debug("sleeping for ring space\n");

		spin_unlock_irq(&udev->cmdr_lock);

		mutex_unlock(&udev->cmdr_lock);

		if (udev->cmd_time_out)

			ret = schedule_timeout(

					msecs_to_jiffies(udev->cmd_time_out));

			return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;

		}

		spin_lock_irq(&udev->cmdr_lock);

		mutex_lock(&udev->cmdr_lock);

		/* We dropped cmdr_lock, cmd_head is stale */

		cmd_head = mb->cmd_head % udev->cmdr_size; /* UAM */

	entry->hdr.uflags = 0;

	/* Handle allocating space from the data area */

	tcmu_cmd_reset_dbi_cur(tcmu_cmd);

	iov = &entry->req.iov[0];

	iov_cnt = 0;

	copy_to_data_area = (se_cmd->data_direction == DMA_TO_DEVICE

		|| se_cmd->se_cmd_flags & SCF_BIDI);

	ret = alloc_and_scatter_data_area(udev, tcmu_cmd,

			se_cmd->t_data_sg, se_cmd->t_data_nents,

			&iov, &iov_cnt, copy_to_data_area);

	ret = scatter_data_area(udev, tcmu_cmd, se_cmd->t_data_sg,

				se_cmd->t_data_nents, &iov, &iov_cnt,

				copy_to_data_area);

	if (ret) {

		spin_unlock_irq(&udev->cmdr_lock);

		tcmu_cmd_free_data(tcmu_cmd, tcmu_cmd->dbi_cnt);

		mutex_unlock(&udev->cmdr_lock);

		pr_err("tcmu: alloc and scatter data failed\n");

		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;

	}

	if (se_cmd->se_cmd_flags & SCF_BIDI) {

		iov_cnt = 0;

		iov++;

		ret = alloc_and_scatter_data_area(udev, tcmu_cmd,

		ret = scatter_data_area(udev, tcmu_cmd,

					se_cmd->t_bidi_data_sg,

					se_cmd->t_bidi_data_nents,

					&iov, &iov_cnt, false);

		if (ret) {

			spin_unlock_irq(&udev->cmdr_lock);

			tcmu_cmd_free_data(tcmu_cmd, tcmu_cmd->dbi_cnt);

			mutex_unlock(&udev->cmdr_lock);

			pr_err("tcmu: alloc and scatter bidi data failed\n");

			return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;

		}

	UPDATE_HEAD(mb->cmd_head, command_size, udev->cmdr_size);

	tcmu_flush_dcache_range(mb, sizeof(*mb));

	spin_unlock_irq(&udev->cmdr_lock);

	mutex_unlock(&udev->cmdr_lock);

	/* TODO: only if FLUSH and FUA? */

	uio_event_notify(&udev->uio_info);

out:

	cmd->se_cmd = NULL;

	tcmu_cmd_free_data(cmd);

	tcmu_cmd_free_data(cmd, cmd->dbi_cnt);

	tcmu_free_cmd(cmd);

}

static unsigned int tcmu_handle_completions(struct tcmu_dev *udev)

{

	struct tcmu_mailbox *mb;

	unsigned long flags;

	int handled = 0;

	if (test_bit(TCMU_DEV_BIT_BROKEN, &udev->flags)) {

		return 0;

	}

	spin_lock_irqsave(&udev->cmdr_lock, flags);

	mb = udev->mb_addr;

	tcmu_flush_dcache_range(mb, sizeof(*mb));

	if (mb->cmd_tail == mb->cmd_head)

		del_timer(&udev->timeout); /* no more pending cmds */

	spin_unlock_irqrestore(&udev->cmdr_lock, flags);

	wake_up(&udev->wait_cmdr);

	return handled;

{

	struct tcmu_dev *udev = (struct tcmu_dev *)data;

	unsigned long flags;

	int handled;

	handled = tcmu_handle_completions(udev);

	pr_warn("%d completions handled from timeout\n", handled);

	spin_lock_irqsave(&udev->commands_lock, flags);

	idr_for_each(&udev->commands, tcmu_check_expired_cmd, NULL);

	spin_unlock_irqrestore(&udev->commands_lock, flags);

	/* Try to wake up the ummap thread */

	wake_up(&unmap_wait);

	/*

	 * We don't need to wakeup threads on wait_cmdr since they have their

	 * own timeout.

	udev->cmd_time_out = TCMU_TIME_OUT;

	init_waitqueue_head(&udev->wait_cmdr);

	spin_lock_init(&udev->cmdr_lock);

	mutex_init(&udev->cmdr_lock);

	idr_init(&udev->commands);

	spin_lock_init(&udev->commands_lock);

{

	struct tcmu_dev *tcmu_dev = container_of(info, struct tcmu_dev, uio_info);

	mutex_lock(&tcmu_dev->cmdr_lock);

	tcmu_handle_completions(tcmu_dev);

	mutex_unlock(&tcmu_dev->cmdr_lock);

	return 0;

}

static void tcmu_blocks_release(struct tcmu_dev *udev, bool release_pending)

/*

 * mmap code from uio.c. Copied here because we want to hook mmap()

 * and this stuff must come along.

 */

static int tcmu_find_mem_index(struct vm_area_struct *vma)

{

	uint32_t dbi, end;

	void *addr;

	spin_lock_irq(&udev->cmdr_lock);

	end = udev->dbi_max + 1;

	struct tcmu_dev *udev = vma->vm_private_data;

	struct uio_info *info = &udev->uio_info;

	/* try to release all unused blocks */

	dbi = find_first_zero_bit(udev->data_bitmap, end);

	if (dbi >= end) {

		spin_unlock_irq(&udev->cmdr_lock);

		return;

	if (vma->vm_pgoff < MAX_UIO_MAPS) {

		if (info->mem[vma->vm_pgoff].size == 0)

			return -1;

		return (int)vma->vm_pgoff;

	}

	return -1;

}

	do {

		addr = radix_tree_delete(&udev->data_blocks, dbi);

		kfree(addr);

		dbi = find_next_zero_bit(udev->data_bitmap, end, dbi + 1);

	} while (dbi < end);

	if (!release_pending)

		return;

static struct page *tcmu_try_get_block_page(struct tcmu_dev *udev, uint32_t dbi)

{

	struct page *page;

	int ret;

	/* try to release all pending blocks */

	dbi = find_first_bit(udev->data_bitmap, end);

	if (dbi >= end) {

		spin_unlock_irq(&udev->cmdr_lock);

		return;

	mutex_lock(&udev->cmdr_lock);

	page = tcmu_get_block_page(udev, dbi);

	if (likely(page)) {

		mutex_unlock(&udev->cmdr_lock);

		return page;

	}

	do {

		addr = radix_tree_delete(&udev->data_blocks, dbi);

		kfree(addr);

		dbi = find_next_bit(udev->data_bitmap, end, dbi + 1);

	} while (dbi < end);

	/*

	 * Normally it shouldn't be here:

	 * Only when the userspace has touched the blocks which

	 * are out of the tcmu_cmd's data iov[], and will return

	 * one zeroed page.

	 */

	pr_warn("Block(%u) out of cmd's iov[] has been touched!\n", dbi);

	pr_warn("Mostly it will be a bug of userspace, please have a check!\n");

	spin_unlock_irq(&udev->cmdr_lock);

	if (dbi >= udev->dbi_thresh) {

		/* Extern the udev->dbi_thresh to dbi + 1 */

		udev->dbi_thresh = dbi + 1;

		udev->dbi_max = dbi;

	}

static void tcmu_vma_close(struct vm_area_struct *vma)

{

	struct tcmu_dev *udev = vma->vm_private_data;

	page = radix_tree_lookup(&udev->data_blocks, dbi);

	if (!page) {

		page = alloc_page(GFP_KERNEL | __GFP_ZERO);

		if (!page) {

			mutex_unlock(&udev->cmdr_lock);

			return NULL;

		}

	tcmu_blocks_release(udev, false);

		ret = radix_tree_insert(&udev->data_blocks, dbi, page);

		if (ret) {

			mutex_unlock(&udev->cmdr_lock);

			__free_page(page);

			return NULL;

		}

		/*

 * mmap code from uio.c. Copied here because we want to hook mmap()

 * and this stuff must come along.

		 * Since this case is rare in page fault routine, here we

		 * will allow the global_db_count >= TCMU_GLOBAL_MAX_BLOCKS

		 * to reduce possible page fault call trace.

		 */

static int tcmu_find_mem_index(struct vm_area_struct *vma)

{

	struct tcmu_dev *udev = vma->vm_private_data;

	struct uio_info *info = &udev->uio_info;

	if (vma->vm_pgoff < MAX_UIO_MAPS) {

		if (info->mem[vma->vm_pgoff].size == 0)

			return -1;

		return (int)vma->vm_pgoff;

		atomic_inc(&global_db_count);

	}

	return -1;

	mutex_unlock(&udev->cmdr_lock);

	return page;

}

static int tcmu_vma_fault(struct vm_fault *vmf)

		addr = (void *)(unsigned long)info->mem[mi].addr + offset;

		page = vmalloc_to_page(addr);

	} else {

		/* For the dynamically growing data area pages */

		uint32_t dbi;

		/* For the dynamically growing data area pages */

		dbi = (offset - udev->data_off) / DATA_BLOCK_SIZE;

		addr = tcmu_get_block_addr(udev, dbi);

		if (!addr)

		page = tcmu_try_get_block_page(udev, dbi);

		if (!page)

			return VM_FAULT_NOPAGE;

		page = virt_to_page(addr);

	}

	get_page(page);

}

static const struct vm_operations_struct tcmu_vm_ops = {

	.close = tcmu_vma_close,

	.fault = tcmu_vma_fault,

};

	if (test_and_set_bit(TCMU_DEV_BIT_OPEN, &udev->flags))

		return -EBUSY;

	udev->inode = inode;